Hello community, here is the log from the commit of package phpMyAdmin checked in at Tue May 2 12:01:42 CEST 2006.
--------
--- phpMyAdmin/phpMyAdmin.changes 2006-04-20 17:33:20.000000000 +0200
+++ NOARCH/phpMyAdmin/phpMyAdmin.changes 2006-05-02 11:01:17.000000000 +0200
@@ -1,0 +2,6 @@
+Tue May 2 11:01:30 CEST 2006 - mmarek@suse.cz
+
+- fixed XSS in error messages
+ [#170529] (CVE-2006-2031.patch)
+
+-------------------------------------------------------------------
New:
----
phpMyAdmin-2.8.0.3-CVE-2006-2031.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ phpMyAdmin.spec ++++++
--- /var/tmp/diff_new_pack.pXt3c1/_old 2006-05-02 12:01:20.000000000 +0200
+++ /var/tmp/diff_new_pack.pXt3c1/_new 2006-05-02 12:01:20.000000000 +0200
@@ -17,11 +17,12 @@
 Requires: mod_php_any php-mysql php-bz2 php-gd php-zlib php-iconv php-mcrypt php-session
 Autoreqprov: on
 Version: 2.8.0.3
-Release: 4
+Release: 8
 %define tarversion %{version}
 Source0: %{name}-%{tarversion}.tar.bz2
 Patch1: %{name}-blowfish_secret.patch
 Patch2: %{name}-%{version}-CVE-2006-1804.patch
+Patch3: %{name}-%{version}-CVE-2006-2031.patch
 URL: http://www.phpMyAdmin.net
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 Summary: Administration of MySQL over the web
@@ -66,6 +67,7 @@
 %setup -q -n %{name}-%{tarversion}
 %patch1
 %patch2
+%patch3
 find . -type d -exec chmod 755 {} \;
 find . -type f -exec chmod 644 {} \;
 find . -type f -name '*.orig' -exec rm {} \;
@@ -128,6 +130,9 @@
 %verify(not md5 size mtime) %config(noreplace) %{serverroot}%{name}/libraries/blowfish_secret.inc.php
 %changelog -n phpMyAdmin
+* Tue May 02 2006 - mmarek@suse.cz
+- fixed XSS in error messages
+ [#170529] (CVE-2006-2031.patch)
 * Thu Apr 20 2006 - mmarek@suse.cz
 - fixed XSS in sql.php (and other scripts): add a secret token to each link and form to prevent linking to sql.php from outside
++++++ phpMyAdmin-2.8.0.3-CVE-2006-2031.patch ++++++
--- libraries/select_lang.lib.php
+++ libraries/select_lang.lib.php
@@ -415,7 +415,7 @@
 $GLOBALS['PMA_errors'][] = sprintf($strLanguageUnknown, $lang_failed_cookie);
 }
 if ($lang_failed_request) {
- $GLOBALS['PMA_errors'][] = sprintf($strLanguageUnknown, $lang_failed_request);
+ $GLOBALS['PMA_errors'][] = sprintf($strLanguageUnknown, htmlspecialchars($lang_failed_request));
 }
 unset($lang_file, $lang_path, $strLanguageFileNotFound, $line, $fall_back_lang,
--- libraries/Theme_Manager.class.php
+++ libraries/Theme_Manager.class.php
@@ -80,7 +80,7 @@
 {
 if ( ! $this->checkTheme($theme)) {
 $GLOBALS['PMA_errors'][] = sprintf($GLOBALS['strThemeNotFound'],
- $theme);
+ htmlspecialchars($theme));
 trigger_error(
 sprintf($GLOBALS['strThemeNotFound'], PMA_sanitize($theme)),
 E_USER_WARNING);
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
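Review bot: The sibling error built on the context line just above the change, `$GLOBALS['PMA_errors'][] = sprintf($strLanguageUnknown, $lang_failed_cookie);`, still interpolates its value unescaped, so the same message template stays injectable through whatever populates `$lang_failed_cookie` (its name suggests a cookie) even though the request-parameter path is now escaped; I would change it to `$GLOBALS['PMA_errors'][] = sprintf($strLanguageUnknown, htmlspecialchars($lang_failed_cookie));`. A cookie is harder for a remote attacker to plant than a query parameter, so the exposure is presumably lower, but it is still untrusted input reaching HTML output. The added `htmlspecialchars()` call also relies on the default flags, which leave single quotes alone; if `$strLanguageUnknown` can ever be rendered inside a single-quoted attribute that is not sufficient, and passing `ENT_QUOTES` would be the safer choice. The surrounding code starts and ends outside the hunk, so where these two variables are assigned is not visible here.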
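Review bot: The new line escapes `$theme` with `htmlspecialchars()` for the `PMA_errors` entry while the `trigger_error()` call two lines below passes the same value through `PMA_sanitize()`, so one untrusted theme name is now handled by two different routines on adjacent lines with nothing saying why. If `PMA_sanitize()` already yields HTML-safe output, reusing it here keeps the two paths consistent; if it does not, that should be recorded above the `$GLOBALS['PMA_errors'][]` assignment, e.g. `// PMA_errors entries are emitted as raw HTML, so the theme name must be escaped here; PMA_sanitize() is only used for the trigger_error() text.` Whether the consumer of `$GLOBALS['PMA_errors']` escapes entries again on output is not visible in this hunk; if it does, this change double-encodes, so the contract is worth stating at the push site. The default `htmlspecialchars()` flags do not escape single quotes, so `ENT_QUOTES` would be safer should the message land in a single-quoted attribute. The enclosing method begins before this hunk and continues after it.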